Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

Networking: Full DNS Server

It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.

419 votes
Sign in
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    wingmanwingman shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


    Sign in
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      • Craig Longford (DeltaWolf7)Craig Longford (DeltaWolf7) commented  ·   ·  Flag as inappropriate

        I would have to agree fully. I use the Sophos UTM at home and its wonderful apart from DNS issues with nix devices. All the Windows boxes can find each other by name but devices running things like Android can't find systems and servers by name.
        This can be fixed using a dedicated DNS server but its a waste when so easily added to the UTM.

      • JoshJosh commented  ·   ·  Flag as inappropriate

        This is mandatory, even if it was only limited to only 1000 entries since I need to setup cname over-rides for various search sites to work correctly/safely in https mode. I'm looking at you google....

        As it is I can't consider this product at any price.

      • nemnem commented  ·   ·  Flag as inappropriate

        I'd love to have a fully working in-built DNS server as well. The lack of the feature really breaks configurations and requires an administrative overhead, i.e. running a dedicated system just for name resolution.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Currently, it's a limitation of utm that only one ip address is allowed per static host. If you want to allocate static ip addresses for a laptop which has wired and wireless NICs, this means you have to create two static hosts. This uses two of the allowed number of hosts when there is actually only one physical host. Even if there is not a "full DNS server", this limitation should be fixed.

      • Leen KeusLeen Keus commented  ·   ·  Flag as inappropriate

        This feature request is here now for several years, why is it so difficult? I have installed 2 FreeNAS systems (1 backup), but we could not reach them because of this lack. I had to install a Linux machine with dnsmasq to solve this problem. Please solve it!

      • christian kuepperschristian kueppers commented  ·   ·  Flag as inappropriate

        That´s what I´m looking for. Can´t be difficult.UTM is now creating a zone in BIND for every host and reverse entry, regardsless the DNS-Suffix.

      • Linkz0rsLinkz0rs commented  ·   ·  Flag as inappropriate

        One more thing... I would prefer this (since by slaving OpenNICs root zone) I would avoid having to set DNS forwarders, and can instead receive DNS info/traffic from OpenNIC... I have tested this fully on Bind before, and would like this in Astaro. :)
        This way, using OpenNIC as my trusted ROOT server... I trust OpenNIC fully, as I have used them previously (but using an already existing T2 server is a bit slow... Using my own is VERY FAST).

      • tomtom commented  ·   ·  Flag as inappropriate

        This is especially important as Astaro supports IPv6, and it would be really nice if it could automatically create IPv6 reverse DNS for RADVD clients.

      • Bob AlfsonBob Alfson commented  ·   ·  Flag as inappropriate

        Also, the ability to create multiple A records for an FQDN. That would solve a long-standing problem with Network Definitions. At present, it's not possible to create a network which is a list of IPs; each IP must be assigned to a separate Host definition, and then the separate definitions loaded into a Network Group. If it were possible to assign multiple IPs in a static DNS mapping, a 'DNS Group' Network Definition would solve the problem cleanly.

      • Andreas MelcherAndreas Melcher commented  ·   ·  Flag as inappropriate

        I would suggest looking into for this task. There is a single program for each DNS task so that all duties are separated as one would like to have on a firewall. Furthermore the config files are already prepared to be worked on by programs. Most important: this tool has an extremely low memory and performance footprint which makes it usable even in the smallest boxes.

      • markmurphymarkmurphy commented  ·   ·  Flag as inappropriate

        Would like a option to create internal zone both forward and reverrse so internal DNS would not be needed. There is another reqest for full fuction DNS so I will support that reqest as it more accurately reflects what I am asking for

      • ktsumuraktsumura commented  ·   ·  Flag as inappropriate

        Lotus Domino/Notes user has many cases that install an SMTP relay server and an outside public DNS server in the DMZ. There is a demand to want to use those functions in Astaro, and want to remove a DNS/SMTP relay server in the DMZ.

      • Poul PetersenPoul Petersen commented  ·   ·  Flag as inappropriate

        In a few words, there are two reasons:
        1) Allowing the branch offices to be authoritative reduces load on the central server
        2) Caches expire, an authoritative slave can continues to function indefinitely.

      • rene.gordonrene.gordon commented  ·   ·  Flag as inappropriate

        This is a required feature especially for the home use market. Everyone now has an access point and several devices in the home.

      ← Previous 1

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.